9 Comments

How is printf() in C/C++ a Buffer overflow vulnerability?Slightly off-topic, but I do not agree at all with your comment regarding snprintf: it is difficult to use sprintf in a secure manner (and practically impossible if you use a %s format specifier), but snprintf, when used correctly, is safe: when snprintf truncates the input, because its size exceeds the buffer, it is not silent but tells you by giving a return value equal to the buffer size.

Sep1

comment

Is the following password-generator secure?@that guy from over there: sounds fun:P. Unfortunately, it seems that I was wrong and that the RNG is seeded by 16 bytes from /dev/urandom on most platforms rather than bt the timestamp (I updated my answer accordingly). This means a simple brute-force of seeds won't do the trick after all.

Aug30

comment

Is the following password-generator secure?@that guy from over there: there are less than 2^42 milliseconds in a century. My laptop could check each possible password generated somewhere in the past 100 years in half a day. If I'd know in what year the password was generated, it would be a matter of minutes.

Aug8

comment

backdoors in hardware (ie. intel/amd cpu) possible?Not neccessarily: if an attacker would tamper with a hardware RNG (also comes with some modern CPU's) used for cryptography, or could influence the enropy sources the OS uses to seed its PRNG with, then they could make the device in question generate numbers that are indistinguisible from random numbers, but are still predictible to the attacker. You could only find out about this by examining the inner workings of the random number generator or entropy sources (which may be incredibly difficult or expensive) but you cannot detect it by simply examining the in- and output of your machine.

Jan6

comment

Is OpenSSL secure enough?Not all security errors in SSL implementations are caused by buffer overflows: side-channel attacks on cryptographic functions (which might be a lot more difficult to avoid in pure Java code, especially timing attacks) and logical errors in the protocol implementation are more likely to cause security issues than the fact that the library is not implemented in a memory-safe language.

Jul30

comment

How to secure passwords when site is opensourceI personally prefer using unique salts and a static salt. In the event that your database is leaked but the place (config file or such) in which you store your static is not, attackers still won't be able to achieve anything. It's a slight improvement, but an improvement nonetheless.

Jun30

comment

How to defend against invalid UTF7/8 that hides a <script> tag?Exactly. I would like to add that, even if you would have a perfect XSS-detector, you shouldn't be filtering input anyway. What if, say, a user wants to use a < somewhere or demonstrate some Javascript? Instead you should see text and HTML as two different things; and whenever you want to include some form of text into your page, you'll have to 'convert' it to HTML (by using an escape function that only accepts UTF-8) first.

An alternative to traditional passwords: is there some merit to this idea?Thanks, those are some good points. However, I don't think the dictionary is such a problem: the Oxford dictionary contains about 170000 words, which would translate to a word list of about 1MB (you can reduce its size by e.g. using a smaller dictionary of more common words and not including short words). That's not very difficult to do lookups in at the server-side. If someone where to use only five words (without anything added to make it into a valid sentence) you'd still have a massive amount of possible combinations.